解决方案(不确定是否正确,但看起来可以正常工作):
资源服务器配置:
/**
 * HTTP security rules for the resource server.
 *
 * <p>Registers {@link JsonToUrlEnpredAuthenticationFilter} ahead of
 * {@code ChannelProcessingFilter}, switches HTTP Basic off, leaves {@code /test} open and
 * requires an authenticated caller for {@code /secured}.
 *
 * <p>NOTE(review): only {@code /test} and {@code /secured} have explicit rules; no
 * {@code anyRequest()} catch-all is configured here, so confirm how every other path is
 * meant to be protected.
 *
 * <p>NOTE(review): the filter class is also a {@code @Component} with {@code @Order}; if the
 * application lets the servlet container register {@code Filter} beans automatically, adding
 * it here as well may run it twice per request - confirm a single registration is intended.
 */
@Configuration
public class ServerEndpointsConfiguration extends ResourceServerConfigurerAdapter {

    @Autowired
    JsonToUrlEnpredAuthenticationFilter jsonFilter;

    /**
     * Applies the filter ordering and the per-path access rules.
     *
     * @param http the security builder supplied by the resource-server configuration
     * @throws Exception if any of the configurers fails
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // The JSON-to-parameter filter has to run before the rest of this chain reads parameters.
        http.addFilterBefore(jsonFilter, ChannelProcessingFilter.class);

        // csrf() is only looked up here; nothing on this line disables it.
        http.csrf();

        http.httpBasic().disable();

        http.authorizeRequests()
                .antMatchers("/test").permitAll()
                .antMatchers("/secured").authenticated();
    }
}
// Filter:
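/**
 * Servlet filter that lets a client call {@code /oauth/token} with a JSON body.
 *
 * <p>For a JSON request to {@code /oauth/token} the body is parsed as a flat JSON object and
 * every member is exposed as a single-valued request parameter through
 * {@link MyServletRequestWrapper}; the HTTP method is added as {@code _method}. Every other
 * request is passed on untouched.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The body is read before any authentication has happened, so the amount buffered is
 *       capped at {@link #MAX_JSON_BODY_BYTES}.</li>
 *   <li>The parsed map can carry client and user credentials; do not log it.</li>
 *   <li>A request body can be consumed only once. NOTE(review): if this filter is registered
 *       both with the servlet container and inside a security filter chain, a second pass
 *       over the same request would see an empty stream - confirm a single registration.</li>
 * </ul>
 */
@Component
@Order(value = Integer.MIN_VALUE)
public class JsonToUrlEnpredAuthenticationFilter implements Filter {

    /**
     * Largest JSON body, in bytes, that is buffered for one request. Token requests are small;
     * the value is a conservative ceiling and can be tuned.
     */
    private static final int MAX_JSON_BODY_BYTES = 1024 * 1024;

    /** Shared parser; creating an ObjectMapper per request is unnecessary work. */
    private static final ObjectMapper MAPPER = new ObjectMapper();

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to initialise.
    }

    /**
     * Rewrites JSON token requests into parameter-style requests and forwards everything else.
     *
     * @param request  the incoming request
     * @param response the outgoing response
     * @param chain    the remaining filter chain
     * @throws IOException      if the body cannot be read or parsed, or exceeds the size cap
     * @throws ServletException if a downstream filter fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Work against the servlet API type rather than a container-internal class, so the
        // check also works when the request has already been wrapped by another filter.
        if (!(request instanceof HttpServletRequest)) {
            chain.doFilter(request, response);
            return;
        }
        HttpServletRequest httpRequest = (HttpServletRequest) request;

        boolean isJsonTokenRequest = isJsonContentType(httpRequest.getContentType())
                && Objects.equals(httpRequest.getServletPath(), "/oauth/token");
        if (!isJsonTokenRequest) {
            chain.doFilter(request, response);
            return;
        }

        byte[] json = readBody(httpRequest.getInputStream());

        // JSON values are not necessarily strings (numbers, booleans, null), so read them as
        // Object and convert explicitly instead of relying on an unchecked cast to String.
        @SuppressWarnings("unchecked")
        HashMap<String, Object> parsed = MAPPER.readValue(json, HashMap.class);

        HashMap<String, String[]> params = new HashMap<>();
        if (parsed != null) { // a body of literal `null` parses to a null map
            for (String key : parsed.keySet()) {
                Object value = parsed.get(key);
                params.put(key, new String[] {value == null ? null : value.toString()});
            }
        }

        // Written last so a "_method" member in the body cannot replace the real HTTP method.
        params.put("_method", new String[] {httpRequest.getMethod()});

        chain.doFilter(new MyServletRequestWrapper(httpRequest, params), response);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Tells whether a Content-Type header denotes JSON, ignoring case and any parameters
     * such as {@code ; charset=UTF-8}.
     */
    private static boolean isJsonContentType(String contentType) {
        if (contentType == null) {
            return false;
        }
        int semicolon = contentType.indexOf(';');
        String mediaType = semicolon < 0 ? contentType : contentType.substring(0, semicolon);
        return "application/json".equalsIgnoreCase(mediaType.trim());
    }

    /**
     * Reads the whole stream into memory, failing once more than
     * {@link #MAX_JSON_BODY_BYTES} bytes have arrived.
     */
    private static byte[] readBody(InputStream in) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        byte[] chunk = new byte[16384];
        int read;
        while ((read = in.read(chunk, 0, chunk.length)) != -1) {
            if (buffer.size() + read > MAX_JSON_BODY_BYTES) {
                throw new IOException(
                        "JSON token request body exceeds " + MAX_JSON_BODY_BYTES + " bytes");
            }
            buffer.write(chunk, 0, read);
        }
        return buffer.toByteArray();
    }
}
// Request wrapper: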
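/**
 * Request wrapper whose parameters come entirely from a supplied map instead of the wrapped
 * request's query string or form body.
 *
 * <p>The parameter accessors follow the servlet contract: an absent parameter yields
 * {@code null}, and the parameter map handed out is read-only.
 */
public class MyServletRequestWrapper extends HttpServletRequestWrapper {

    private final HashMap<String, String[]> params;

    /**
     * @param request the request to wrap
     * @param params  parameter names mapped to their values; replaces the wrapped request's
     *                own parameters
     */
    public MyServletRequestWrapper(HttpServletRequest request, HashMap<String, String[]> params) {
        super(request);
        this.params = params;
    }

    /**
     * Returns the first value of a parameter.
     *
     * @param name the parameter name
     * @return the first value, or {@code null} when the parameter is absent or has no values
     */
    @Override
    public String getParameter(String name) {
        String[] values = this.params.get(name);
        // null, not "", for a missing parameter: downstream code must be able to tell
        // "credential not supplied" apart from "credential supplied but empty".
        if (values == null || values.length == 0) {
            return null;
        }
        return values[0];
    }

    /**
     * @return a read-only view of the parameters, so callers cannot alter what later filters see
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        return java.util.Collections.unmodifiableMap(this.params);
    }

    /**
     * @return the parameter names
     */
    @Override
    public Enumeration<String> getParameterNames() {
        // JDK adapter; avoids depending on a non-JDK Enumerator helper class.
        return java.util.Collections.enumeration(this.params.keySet());
    }

    /**
     * @param name the parameter name
     * @return all values of the parameter, or {@code null} when it is absent
     */
    @Override
    public String[] getParameterValues(String name) {
        return this.params.get(name);
    }
}
// Authorization server configuration (basic authentication disabled for the /oauth/token endpoint):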
/**
 * Authorization-server configuration (excerpt; the page elides the rest of the class).
 */
@Configuration
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
    ...
    /**
     * Configures security of the authorization server's own endpoints.
     *
     * @param oauthServer the endpoint-security configurer
     * @throws Exception if configuration fails
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        // Lets clients authenticate to /oauth/token with credentials sent as request
        // parameters instead of an Authorization header.
        // NOTE(review): this call adds parameter-based client authentication; nothing shown
        // here switches HTTP Basic off for the endpoint - confirm against the framework if
        // Basic must really be unavailable.
        // Credentials sent as parameters can end up in access logs and proxies when placed
        // in the query string; keep them in the request body and require TLS.
        oauthServer.allowFormAuthenticationForClients();
    }
    ...
}


